On Wed, May 01, 2013 at 02:30:52PM -0700, John Johansen wrote: > aa_put_profile causes profiles to go throw an rcu based delayed free > cycle. Discard profiles that can't be in use and hence don't need the delayed > free call free_profile directly.
This description doesn't seem to match the code, which looks like a simple sed s/free_profile/aa_free_profile/ -- does the patch header need updating? or has the corresponding code been placed into another patch? Thanks > Signed-off-by: John Johansen <[email protected]> > --- > security/apparmor/include/policy.h | 1 + > security/apparmor/policy.c | 10 +++++----- > security/apparmor/policy_unpack.c | 4 ++-- > 3 files changed, 8 insertions(+), 7 deletions(-) > > diff --git a/security/apparmor/include/policy.h > b/security/apparmor/include/policy.h > index 587cb28..6d2b949 100644 > --- a/security/apparmor/include/policy.h > +++ b/security/apparmor/include/policy.h > @@ -227,6 +227,7 @@ struct aa_namespace *aa_find_namespace(struct > aa_namespace *root, > void aa_free_replacedby_kref(struct kref *kref); > struct aa_profile *aa_alloc_profile(const char *name); > struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat); > +void aa_free_profile(struct aa_profile *profile); > void aa_free_profile_kref(struct kref *kref); > struct aa_profile *aa_find_child(struct aa_profile *parent, const char > *name); > struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char > *name); > diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c > index 53a0573..5fe1559 100644 > --- a/security/apparmor/policy.c > +++ b/security/apparmor/policy.c > @@ -307,7 +307,7 @@ fail_ns: > return NULL; > } > > -static void free_profile(struct aa_profile *profile); > +void aa_free_profile(struct aa_profile *profile); > /** > * free_namespace - free a profile namespace > * @ns: the namespace to free (MAYBE NULL) > @@ -324,7 +324,7 @@ static void free_namespace(struct aa_namespace *ns) > aa_put_namespace(ns->parent); > > ns->unconfined->ns = NULL; > - free_profile(ns->unconfined); > + aa_free_profile(ns->unconfined); > kzfree(ns); > } > > @@ -568,7 +568,7 @@ void aa_free_replacedby_kref(struct kref *kref) > } > > /** > - * free_profile - free a profile > + * aa_free_profile - free a profile > * @profile: the profile to free (MAYBE NULL) > * > * Free a profile, its hats and null_profile. All references to the profile, > @@ -577,7 +577,7 @@ void aa_free_replacedby_kref(struct kref *kref) > * If the profile was referenced from a task context, free_profile() will > * be called from an rcu callback routine, so we must not sleep here. > */ > -static void free_profile(struct aa_profile *profile) > +void aa_free_profile(struct aa_profile *profile) > { > AA_DEBUG("%s(%p)\n", __func__, profile); > > @@ -619,7 +619,7 @@ static void aa_free_profile_rcu(struct rcu_head *head) > if (p->flags & PFLAG_NS_COUNT) > free_namespace(p->ns); > else > - free_profile(p); > + aa_free_profile(p); > } > > /** > diff --git a/security/apparmor/policy_unpack.c > b/security/apparmor/policy_unpack.c > index f47b882..69894ad 100644 > --- a/security/apparmor/policy_unpack.c > +++ b/security/apparmor/policy_unpack.c > @@ -615,7 +615,7 @@ fail: > else if (!name) > name = "unknown"; > audit_iface(profile, name, "failed to unpack profile", e, error); > - aa_put_profile(profile); > + aa_free_profile(profile); > > return ERR_PTR(error); > } > @@ -763,7 +763,7 @@ int aa_unpack(void *udata, size_t size, struct list_head > *lh, const char **ns) > > error = verify_profile(profile); > if (error) { > - aa_put_profile(profile); > + aa_free_profile(profile); > goto fail; > } > > -- > 1.8.1.2 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
